Re: shadow-960910

On Thu, 12 Sep 1996, Elliot Lee wrote:

> login, passwd, & su are already there. sg == newgrp, no?

Well, let me state this again: saying that 'passwd is already in there' 
does not solve the problem. The passwd you (RedHat) supply is a 
SimpleApps in the true meaning of this context - it is SIMPLE. Take a look 
at passwd from the shadow core. You will see what I mean. Take a look at 
the login from shadow core. You will see what I mean. I mean FEATURES. 
Instead of working again to add features, to reinvent the wheel, why not 
use what we already have? People will always be very sensitive when they 
come and ask for a full featured tool and you reply "basic support is 
already there".

> adduser now knows
> about /etc/shadow.

Aging disabled...

> As for usermod & del, and groupadd, mod, and del, that
> just hasn't been there :( Deleting users & groups is really best left up
> to being done by hand, though - if it isn't things can often get left
> lying around with the uid/gid attached to them. It's hard to completely
> erase the traces of a user/group from a system.

Take a look at usermod, for example. Tell me that it is easier to do by 
hand what 'usermod -d /home/new_home -m -l new_name oldname' does and 
I'll shut up.

> being able to read /etc/shadow is 9/10ths of the equation. Password aging
> is nice too, and is supported AFAIK. The only part is having to edit
> /etc/shadow to manually set the # of expiration days.

Sincerely, are you brave enough to put this on a README about working 
with shadow on your servers? Suggest that users do things by hand? What 
if someone is messing up his /etc/shadow... RedHat is excellent at providing 
X apps to manage things, so probably this will be corrected in the 
usercfg. I am talking about text utils. Get the task of changing in batch 
some info from the aging fields... It is not important that it is 
possible to do it, it is important _how easy_ it is to do it.

> adduser does shadow. Also the usercfg X tool does shadow. I don't think
> usercfg allows you to reset password aging & etc. - I'm not sure tho.

Would you please forget about X? RedHat is used by many ISPs. You 
get a call that something is wrong - you dial/telnet to the server and 
correct the problem. You don't have X. I have done it. X utils are good 
for marketing. But the admins will hate you for oversights like this...

> There are a lot of things in there that are just irrelevant - logoutd for
> example...

Okay, I give up on this one :-)

> Newcomer joe admin would be frightened by /etc/shadow at all ;-)

That's wrong. Joe user just heard that shadow is a good thing. Then 
come the problems, list floods, etc.

> Not everyone's perfect or has a perfect amount of time for all these
> things that need to be done ;-) Thanks for what you've done so far.
> There's more work to be done to get PAM to where it's going to be, of
> course...

Well, as I said - you are doing a wonderful job. Sometimes you may need 
help. Don't forget to drop me a note, I'd be more than happy to help...

With best regards,
		Cristian Gafton
Cristian Gafton                                    gafton@sorosis.ro
Computers & Communications Center              Network Administrator
35 Moara de Foc St., Iasi 6600, ROMANIA           Tel: +40-32-252938
http://www.cccis.ro                               Fax: +40-32-252933
UNIX is user friendly. It's just selective about who its friends are.
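
Added example, not part of the original message or of the shadow suite: a text-only audit of the aging fields the thread argues about, which finds password accounts with aging disabled and prints the `chage` commands to review instead of hand-editing /etc/shadow. The sample file, the function names and the 90/7-day values are assumptions made for illustration.

```shell
#!/bin/sh
# shadow(5) layout: name:hash:lastchg:min:max:warn:inactive:expire:reserved

# Constructed sample data (not a real system file); hashes are placeholders.
sample_shadow() {
cat <<'EOF'
root:$1$placeholder$hashAAAA:9750:0:99999:7:::
alice:$1$placeholder$hashBBBB:9740:0:90:7:::
bob:$1$placeholder$hashCCCC:9700:0:::::
daemon:*:9600:0:99999:7:::
carol:!$1$placeholder$hashDDDD:9720:0:99999:7:::
broken:$1$placeholder$hashEEEE:9720:0:90
EOF
}

# Lines without exactly 9 fields, the usual result of a hand edit gone wrong.
# Output: "<line number>: <account name>"
malformed_lines() {
    awk -F: 'NF != 9 { print NR ": " $1 }' "$1"
}

# Accounts with a usable password whose max-age field is empty or set to the
# conventional 99999 "never expires" value.
aging_disabled() {
    awk -F: '
        NF != 9       { next }   # malformed: reported by malformed_lines
        $2 ~ /^[*!]/  { next }   # locked account, no password login
        $5 == "" || $5 + 0 >= 99999 { print $1 }
    ' "$1"
}

# Print (do not run) one chage command per affected account.
# $1 = shadow-format file, $2 = max days, $3 = warning days
plan_aging() {
    aging_disabled "$1" | while read -r user; do
        printf 'chage -M %s -W %s %s\n' "$2" "$3" "$user"
    done
}

# Demo on the constructed sample; the real /etc/shadow is never touched.
tmp=$(mktemp) && sample_shadow > "$tmp"
echo "malformed lines:"; malformed_lines "$tmp"
echo "planned changes:"; plan_aging "$tmp" 90 7
rm -f "$tmp"
```

The printed commands are meant to be reviewed before anyone runs them as root; the malformed-line report shows the kind of damage a manual edit leaves behind.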

